Gestion des identités et des accès
Securing and simplifying identity and access management across Microsoft cloud environments.
Identity is the new perimeter. In a cloud-first, hybrid work environment, traditional network boundaries no longer protect your organisation — every access decision is an identity decision. Who is this user? Is their device trusted? Should they have access to this resource, right now, from this location?
One Step Beyond specialises in securing identities in Microsoft cloud environments. As a certified Microsoft Solutions Partner for Modern Work & Security, our engineers implement Microsoft Entra ID, Conditional Access, and Zero Trust identity architectures that ensure every access request is continuously verified — regardless of whether the user is on-premises, working remotely, or accessing cloud-native applications. For organisations requiring broader IAM capabilities beyond the Microsoft stack — CyberArk PAM, SailPoint IGA, Silverfort, RSA — we collaborate with our Swiss Expert Group partners e-Xpert Solutions and eb-Qual, who hold deep certified expertise across the full IAM vendor landscape.
Our IAM Capabilities :
Microsoft Entra ID — Cloud Identity Foundation
Microsoft Entra ID (formerly Azure Active Directory) is the identity foundation of every Microsoft cloud deployment — and the central control point for Zero Trust security in Microsoft 365, Azure, and hybrid environments. Our engineers design and implement Microsoft Entra ID architectures that govern user identities, group memberships, application registrations, and service principals across your entire Microsoft ecosystem.
We cover full-lifecycle Entra ID implementations: directory design and hybrid identity synchronisation (Entra ID Connect), application integration and SAML/OIDC/OAuth configuration, external identity management (Entra External ID), B2B collaboration, and Entra ID governance — including access reviews, entitlement management, and Privileged Identity Management (PIM) for just-in-time administrative access.
Zero Trust Identity Architecture
Zero Trust replaces implicit network trust with explicit, continuous identity verification at every access decision. For Microsoft cloud environments, this means implementing Conditional Access policies that evaluate identity, device health, location, and application sensitivity before granting access — and blocking or challenging requests that do not meet defined security thresholds.
Our engineers design and implement Zero Trust identity architectures using Microsoft Entra ID Conditional Access, Microsoft Intune for device compliance, and Microsoft Entra ID Protection for risk-based access policies. Every policy is tailored to your organisation’s risk profile and tested against your specific access patterns — ensuring that Zero Trust controls improve security without disrupting legitimate user workflows.
Multi-Factor Authentication (MFA) & Passwordless Authentication
Credentials are the most commonly exploited attack vector in cloud environments — and MFA is the single most effective control against credential-based attacks. Our engineers implement Microsoft Entra ID MFA across your organisation — covering Microsoft Authenticator, FIDO2 security keys, and certificate-based authentication — with a phased rollout approach that minimises user disruption.
For organisations ready to move beyond passwords entirely, we implement Microsoft Entra ID passwordless authentication — eliminating the password as an attack surface while improving the user experience. We also extend MFA coverage to legacy and non-Microsoft systems using Silverfort’s agentless authentication proxy — a capability we deliver in collaboration with our Swiss Expert Group partners.
Privileged Identity Management (PIM) & Admin Access Governance
Administrative accounts are the most targeted identities in any Microsoft environment. Standing administrative privileges — where admins have permanent elevated rights — create unnecessary risk that attackers actively seek to exploit. Microsoft Entra ID Privileged Identity Management (PIM) eliminates standing privileges by enforcing just-in-time access elevation: admins request elevated rights, provide a justification, and receive time-limited access — with full audit trails and approval workflows.
Our engineers implement Entra ID PIM across your Microsoft 365 and Azure administrative roles — covering role activation workflows, approval requirements, access reviews, and alerts on suspicious privileged activity. For environments requiring PAM beyond the Microsoft stack — CyberArk for server and application privileged access — we collaborate with our Swiss Expert Group partners e-Xpert Solutions and eb-Qual.
Identity Governance & Entitlement Management
As organisations grow, access rights accumulate — creating entitlement sprawl that is both a security risk and a compliance liability. Microsoft Entra ID Governance provides automated access reviews, entitlement management packages, and lifecycle workflows that ensure users have only the access they need, that access is reviewed regularly, and that joiners, movers, and leavers are handled consistently.
Our engineers implement Entra ID Governance programmes that align with Swiss regulatory requirements — including FINMA access control obligations for financial institutions, nLPD data minimisation principles, and ISO 27001 access management requirements. For broader IGA programmes spanning non-Microsoft systems, we collaborate with our Swiss Expert Group partners who hold certified SailPoint expertise.
Single Sign-On (SSO) & Application Integration
Users managing multiple sets of credentials for different applications create both a security risk — password reuse, phishing exposure — and a productivity cost. Microsoft Entra ID provides Single Sign-On across thousands of pre-integrated SaaS applications and custom enterprise applications — enabling users to authenticate once and access all their applications seamlessly.
Our engineers configure Entra ID SSO integrations across your application landscape — covering both Microsoft and non-Microsoft applications using SAML, OIDC, and OAuth protocols. We also implement application proxy for legacy on-premises applications, bringing them into the Entra ID authentication fabric without requiring migration to the cloud.
Why One Step Beyond for IAM?
One Step Beyond’s IAM practice is built on deep Microsoft Entra ID expertise — the identity platform that sits at the centre of every Microsoft cloud environment. As a Microsoft Solutions Partner for Modern Work & Security, our engineers hold advanced Microsoft certifications and have implemented identity architectures for Swiss organisations across the financial, healthcare, industrial, and public sectors.
Our differentiation in IAM is clarity of focus: we specialise in Microsoft cloud identity — Entra ID, Zero Trust, MFA, PIM, and governance — and we deliver it with the rigour of a security-first partner, not just a Microsoft deployment house. Every IAM implementation we deliver is designed to be auditable, maintainable, and aligned with the regulatory requirements applicable to Swiss organisations.
For IAM capabilities beyond the Microsoft stack — CyberArk PAM, SailPoint IGA, Silverfort, RSA, Keyfactor, Altipeak — we work seamlessly with our Swiss Expert Group partners e-Xpert Solutions (Geneva, Lausanne) and eb-Qual (Givisiez, Kloten), who hold certified expertise across these platforms and operate the MSS PAM managed service for CyberArk environments.
We operate from our office in Gland (Vaud), serving organisations across French-speaking Switzerland and beyond.
Technologies We Work With :
One Step Beyond’s core IAM expertise is built on the Microsoft identity platform:

For organisations requiring IAM capabilities beyond Microsoft — Privileged Access Management (CyberArk), Identity Governance (SailPoint), agentless MFA (Silverfort), authentication (RSA), PKI (Keyfactor), and digital identity (Altipeak) — these technologies are delivered by our Swiss Expert Group partners e-Xpert Solutions and eb-Qual, who hold certified expertise across each platform.






Ready to Secure Your Identities?
Whether you are implementing Microsoft Entra ID for the first time, deploying Zero Trust identity controls, rolling out MFA, or governing privileged access across your Microsoft cloud environment, One Step Beyond brings certified Microsoft identity expertise and a proven Swiss track record. Contact us to discuss your identity security challenges.
Frequently Asked Questions – Identity & Access Management in Switzerland
Q : What is Microsoft Entra ID and how is it different from Active Directory?
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access management service. Unlike traditional on-premises Active Directory — which manages identities for domain-joined Windows computers within a corporate network — Entra ID is designed for cloud and hybrid environments, managing access to Microsoft 365, Azure, and thousands of SaaS applications from any device and location. Entra ID provides modern authentication protocols (SAML, OIDC, OAuth), conditional access policies, identity governance, and privileged identity management — capabilities that traditional Active Directory does not offer. Most Swiss organisations run a hybrid configuration: on-premises Active Directory synchronised to Entra ID via Entra ID Connect.
Q : What is Zero Trust and how is it implemented with Microsoft Entra ID?
Zero Trust is a security model that assumes no user, device, or network location should be trusted by default — every access request must be explicitly verified. In Microsoft cloud environments, Zero Trust identity is implemented through Microsoft Entra ID Conditional Access policies that evaluate four signals before granting access: identity (who is the user and what is their risk level), device (is it compliant and managed), location (is the access from an expected location), and application sensitivity (what level of assurance is required). Policies can require MFA, block access from non-compliant devices, limit access to specific geographic regions, and enforce session controls — all without impacting legitimate user workflows when properly configured.
Q : What is Privileged Identity Management (PIM) and why is it important?
Microsoft Entra ID Privileged Identity Management (PIM) is a service that manages, controls, and monitors access to important resources in Microsoft 365 and Azure. It eliminates standing administrative privileges — the practice of permanently assigning admin roles — and replaces them with just-in-time access elevation: administrators request elevated rights when needed, provide a business justification, and receive time-limited access that expires automatically. PIM reduces the risk of compromised admin accounts, satisfies FINMA and ISO 27001 privileged access control requirements, and provides the audit trails needed to demonstrate compliance.
Q : How does One Step Beyond handle IAM needs beyond Microsoft — CyberArk, SailPoint, Silverfort?
One Step Beyond specialises in Microsoft cloud identity. For IAM capabilities that extend beyond the Microsoft stack — CyberArk for Privileged Access Management, SailPoint for Identity Governance and Administration, Silverfort for agentless MFA extension, RSA for authentication, Keyfactor for PKI and machine identity, and Altipeak for digital identity — we collaborate with our Swiss Expert Group partners: e-Xpert Solutions (Geneva, Lausanne) and eb-Qual (Givisiez, Kloten), who hold certified expertise across these platforms and operate the MSS PAM managed service for CyberArk environments.
Q : How does IAM support Swiss regulatory compliance?
Identity and access management is a foundational control for multiple Swiss regulatory frameworks. FINMA circulars require financial institutions to implement privileged access controls, access reviews, and audit logging. The Swiss nLPD requires data minimisation — ensuring users only access personal data they need — and mandates security measures proportionate to data sensitivity. ISO 27001 Annex A requires access control policies, user access provisioning, privileged access management, and periodic access reviews. One Step Beyond implements Microsoft Entra ID controls aligned with all of these requirements — including access review automation, Conditional Access policies, PIM for privileged roles, and audit log retention configured for regulatory compliance periods.
Q : Where is One Step Beyond based?
One Step Beyond is headquartered in Gland (Vaud) — Route de Cité-Ouest 2, 1196 Gland, telephone +41 22 995 96 12. The company also operates an office in Budapest (Hungary). As part of Swiss Expert Group, One Step Beyond collaborates with e-Xpert Solutions (Geneva, Lausanne) and eb-Qual (Givisiez, Kloten) to deliver integrated cloud and cybersecurity solutions across Switzerland.